CVE-2025-57796

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2026-01-28

Last updated on: 2026-02-05

Assigner: Mandiant Inc.

Description

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-28

Last Modified

2026-02-05

Generated

2026-06-16

AI Q&A

2026-01-29

EPSS Evaluated

2026-06-14

NVD

CVE-2025-57796

EUVD

EUVD-2025-206466

Affected Vendors & Products

Vendor	Product	Version / Range
explorance	blue	to 8.14.12 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-257	The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

CWE ID

Description

CWE-257

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

Attack-Flow Graph

Executive Summary

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. Because the encryption key is static and hardcoded, an attacker who obtains the encrypted data can decrypt it offline, exposing sensitive information.

Impact Analysis

This vulnerability can lead to exposure of sensitive data such as user passwords and system configurations if an attacker obtains the encrypted data. Since the encryption is reversible with a hardcoded key, the attacker can decrypt the data offline, potentially compromising user accounts and system security.

Hi! I’m here to help you understand CVE-2025-57796. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-57796

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart